Black Hat Digital Self Defense USA 2006


Black Hat USA Training 2006
Caesars Palace Las Vegas • July 29

Course Length: One day. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Because the class requires that a version of IDA Pro 4.8 or 4.9 be installed on the participant's laptop, you must purchase the software directly from DataRescue.

Black Hat Registration

Versioning Analysis With SABRE BinDiff

Halvar Flake, CEO of Sabre Security
Rolf Rolles, Lead Developer of BinDiff for Sabre Security

What to bring:

A laptop running any version of Windows

IDA 4.9+

SABRE BinDiff v2.0 (optional)

What will be supplied:

SABRE BinDiff v2.0 evaluation version

Versioning analysis presents a unique challenge for the reverse engineering community. Reverse engineering a single binary is time-consuming enough; reverse engineering every successive version of that binary adds up to a mind-boggling amount of work, insurmountable without proper tools to aid in analysis. For this reason, SABRE BinDiff was concieved and developed, and ever since has become a mainstay in the reverse engineering sector of information security.

BinDiff works by presenting the analyst with a list of functions that were matched between the binaries, and whether or not they were changed between versions. That information is vital for isolating changes in security patches, analyzing successiv variants of malware, and detecting code theft.

In this course, participants will learn proper usage of SABRE Security's BinDiff. The material will be centered around how to get the most out of BinDiff, followed by as many examples of usage as time permits.

  • Automatically cleaning up IDBs to increase the amount of functions.
  • Preventing IDA from mangling your databases.
  • Detecting subtle changes which don't affect the structure of a function.
  • Incorporating as much debug information as possible into the disassembly.

Other topics that will be covered:

  • Detecting Code theft and GPL violations using SABRE BinDiff
  • Using SABRE BinDiff for malware analysis
  • Cross-platform diffing

To purchase a full version of Bin-Diff directly from Sabre Security:

Software may also be purchased with the class at a discount. Black Hat price is $900. Save $140 off the full price of $1040.


Halvar Flake is SABRE Labs' founder and Black Hat's resident reverse engineer. Originating in the fields of copy protection and digital rights management, he gravitated more and more towards network securityover time as he realized that constructive copy protection is more or less fighting windmills. After writing his first few exploits he was hooked and realized that reverse engineering experience is a very handy asset when dealing with COTS software. With extensive experience in reverse engineering, network security, penetration testing and exploit development he recently joined Black Hat as their main reverse engineer.

Black Hat Registration

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


NO Software

Early Bird:
Ends June 30, 2006

Ends July 27, 2006

Begins July 28, 2006

$1000 USD

$1200 USD

$1300 USD

With a Full Version of BinDiff

$1900 USD

$2100 USD

$2200 USD

Black Hat Logo
(c) 1996-2007 Black Hat